Daily Open Source Infrastructure Report 17 February 2012 Top Stories • Citigroup agreed to pay $158.3 million to settle claims its mortgage unit fraudulently misled the government into insuring risky mortgage loans — more than one-third of which went into default — for more than 6 years. – Associated Press (See item 10) • Twelve people in five states were infected with E. coli O26 in an outbreak linked to raw clover sprouts served at Jimmy John’s sandwich restaurants, the fifth-such outbreak linked to sprouts served at the eateries in the last 4 years. – Food Safety News (See item 15) Fast Jump Menu PRODUCTION INDUSTRIES • Energy • Chemical • Nuclear Reactors, Materials and Waste • Critical Manufacturing • Defense Industrial Base • Dams SUSTENANCE and HEALTH • Agriculture and Food • Water • Public Health and Healthcare SERVICE INDUSTRIES • Banking and Finance • Transportation • Postal and Shipping • Information Technology • Communications • Commercial Facilities FEDERAL and STATE • Government Facilities • Emergency Services • National Monuments and Icons Energy Sector Current Electricity Sector Threat Alert Levels: Physical: LOW, Cyber: LOW Scale: LOW, GUARDED, ELEVATED, HIGH, SEVERE [Source: ISAC for the Electricity Sector (ES-ISAC) [http://www.esisac.com] 1. February 16, Associated Press – (Alaska) Drilling mud spills at Repsol exploratory well. An exploratory well near the mouth of the Colville River, at the Qugruk 2 drill site near Nuiqsut, Alaska, hit a natural gas patch about 2,600 feet deep, forcing drilling mud back up the rig, an Alaska Department of Environmental Conservation spokesman -1- said in a release February 16. About 42,000 gallons of drilling mud was released as it and methane gas shot from the well through a diverter pipe, the Anchorage Daily News reported. Mud was pumped into the borehole to “kill” the well, but that mud was also blown out. Spanish oil company Repsol evacuated workers from the site over concerns about the methane. February 15 Repsol reported that, although not under full control, the flow of gas appeared to have nearly stopped and drilling mud was no longer flowing from the well. Repsol hired Wild Well Control Inc. of Houston to assist with controlling the well. That crew was expected to arrive February 16. Once the well is controlled, the North Slope company Alaska Clean Seas will begin to clean up the mud. Source: http://www.businessweek.com/ap/financialnews/D9SUA9K00.htm 2. February 14, Washington Post – (Virginia) Alexandria power plant fined again. Alexandria, Virginia’s coal-burning power plant, the GenOn Potomac River power plant, scheduled to shut down October 1 after years of local opposition, must pay a $280,704 fine for violating air-quality laws, the largest such fine ever imposed against the plant, the Washington Post reported February 14. The power plant exceeded its nitrogen oxides limit six times between June 28 and July 18, 2011, according to a consent degree issued by the Virginia Air Pollution Control Board the week of February 6 and agreed to by GenOn. Asked why the penalty was so high, the regional enforcement manager for the Virginia Department of Environmental Quality said, “Compliance history is taken into account when we’re assessing fines.” The company has been fined before, and the most recent penalty was $5,000 more than the largest previous fine, assessed in May. Source: http://www.washingtonpost.com/local/alexandria-power-plant-finedagain/2012/02/10/gIQAzKUYDR_story.html 3. February 13, Asheville Citizen-Times – (North Carolina) Greenpeace protests Progress Energy plant, scale smokestack. Five climbers from the Greenpeace environmental group reached a platform about two-thirds of the way up a 300-foot smokestack at the Progress Energy plant in Buncombe County, North Carolina, February 13 to unfurl a banner during a planned demonstration and protest. Sixteen people entered the plant compound, a Buncombe sheriff’s spokesman said. A Greenpeace organizing manager said besides the five scaling the smokestack, others secured themselves to a coal conveyor belt in an attempt to stop the flow of coal into the facility, which provides electricity for the Asheville, North Carolina region; she would not say how the protestors got inside the plant. They chose the plant because it burns coal and because Progress and Duke are in the midst of a merger. Source: http://www.citizentimes.com/article/20120213/NEWS01/120213005/Greenpeace-protest-ProgressProtesters-out-plant-now?odyssey=nav|head For more stories, see items 36 and 40 [Return to top] Chemical Industry Sector -2- 4. February 16, Shreveport Times – (Louisiana) 18-wheeler rollover snarls traffic. A three-vehicle crash on East Bert Kouns Industrial Loop in Shreveport, Louisiana, that involved an 18-wheeler carrying liquid nitrogen caused a traffic snarl February 15. The 18-wheeler was stopped at railroad tracks in the right lane of eastbound Bert Kouns when a Hyundai SUV attempted to move into the left lane to go around and struck a pumper truck, Shreveport police said. That truck was pushed into the 18-wheeler, and knocked it onto the tracks. The guardrail punctured the tank, causing the gas to leak. No perimeter was set up, nor was anyone evacuated. Railroad companies were notified of the crash to prevent trains from coming through the crash scene. Two people in the SUV were taken to the hospital. Traffic was limited to one westbound lane on Bert Kouns for about 4 hours. Source: http://www.shreveporttimes.com/article/20120216/NEWS01/202160314/18wheeler-rollover-snarls-traffic?odyssey=nav|head 5. February 16, Occupational Health & Safety – (California) $540,890 in fines issued to three firms following blast at Calif. plant. The California Department of Industrial Relations’ (DIR) Division of Occupational Safety and Health (Cal/OSHA) has issued 28 citations with penalties totaling $540,890 following an investigation of an August 2011 explosion in Sylmar, that injured three people. Investigators found violations at three companies that resulted in 18 serious and six willful citations. The citations were issued to Rainbow of Hope AKA Rainbow of Hope Foundation, Strategic Sciences Inc., and Realm Catalyst. The explosion occurred when a pressure vessel containing compressed gas, including oxygen and hydrogen, exploded while the two workers were transferring the gas from one cylinder to another. The explosion seriously injured two workers. “Our investigation documented a troubling disregard for safety as the employer continued to manufacture and store gases that are known to be highly explosive without the proper safety procedures in place,” the Cal/OSHA chief said. Source: http://ohsonline.com/articles/2012/02/16/540890-in-fines-issued-to-threefirms-following-blast-at-calif-plant.aspx?admgarea=news 6. February 16, MLive.com – (Michigan) Dow Chemical to offer to purchase 50 Midland properties near plant, hopes to resolve dioxin issue. Dow Chemical Co. is offering to purchase 50 properties in Midland, Michigan, near the chemical plant with the aim of resolving dioxin contamination issues. The chemical giant and the Michigan Department of Environmental Quality (DEQ) announced the proposed plan February 16. The DEQ backs Dow’s plan, and will hold a public information meeting on it March 1. Dow retained a real estate services company to administer the voluntary property purchase program and help property owners and renters understand their options. The company will donate any properties to Midland Tomorrow. Property owners who do not want to move can choose testing and remediation. Dow is working with the DEQ to clean up contamination of furans and dioxins, byproducts of chemicals from manufacturing. In recent years, Dow has admitted to leaking various amounts of the chemicals from the late 1890s to the 1970s. Source: http://www.mlive.com/news/saginaw/index.ssf/2012/02/dow_chemical_to_offer_to_pu rch.html -3- 7. February 15, Atlanta Journal-Constitution – (Georgia) Atlanta chemical manufacturing company gets EPA violation letter. The U.S. Environmental Protection Agency (EPA) has ordered an Atlanta-based chemical manufacturing company to clean up the hazardous waste at its site and move some of the material off of the property. SIC Technologies, which produces and sells chemicals for aluminum and stainless steel businesses, received an EPA order February 15 asking it to immediately clean up the waste, which the agency called “an imminent and substantial endangerment to human health and the environment.” The EPA said SIC has improperly stored solid and hazardous wastes in corroding or leaking containers. The company also does not have aisle space “sufficient to address emergency releases,” the agency said. The order was issued after three EPA inspections, one in November 2011, and two in January. Source: http://www.ajc.com/business/atlanta-chemical-manufacturing-company1350311.html 8. February 15, Pasadena Star-News – (California) Truck sought after acid spill on Foothill Boulevard. Authorities are seeking a truck that leaked a highly toxic chemical on a 6-block stretch of Foothill Boulevard in Azusa, California, prompting a closure for much of February 14, and a clean-up operation with a $10,000 price tag. The chemical was later identified as chromic acid — a toxic and carcinogenic cleaning material used in metal plating, said an Azusa police corporal. Witnesses reported the substance was leaking from an unidentified stake bed style truck traveling eastbound, he said. Westbound traffic lanes were briefly shut down following the spill, and eastbound lanes remained closed for much of the day. Source: http://www.pasadenastarnews.com/news/ci_19974905 For another story, see item 13 [Return to top] Nuclear Reactors, Materials and Waste Sector Nothing to report [Return to top] Critical Manufacturing Sector 9. February 16, U.S. Department of Transportation – (National) NHTSA recall notice Navistar IC Bus and International models traction relay valves. Navistar announced February 16 that it recalled 18,959 model year 2012-2013 IC Bus HC and International 9400, and certain model year 2011-2013 International Durastar, Payster, Workstar, Transtar, Lonestar, Prostar, 9200, and 9800, and certain model year 2013 International 9900 vehicles manufactured from December 2, 2010, through January 26, 2012 and equipped with Bendix ATR-6 traction relay valves. In extremely cold conditions these valves may develop internal leakage. Leakage can lead to air pressure being delivered to affected primary or secondary brakes, causing continuous brake -4- application. Unexpected continuous brake application can cause the brakes to overheat and lead to a fire. Unexpected continuous brake application can also cause the driver to lose control of the vehicle. Also, the brakes may be applied without illuminating the brake lights, failing to give proper warning to other drivers. Navistar will notify owners, and dealers will provide a temporary repair until Bendix develops a permanent remedy. The safety recall is expected to begin on or before April 6. Source: http://wwwodi.nhtsa.dot.gov/recalls/recallresults.cfm?start=1&SearchType=QuickSearch&rcl_ID= 12V052000&summary=true&prod_id=1170772&PrintVersion=YES [Return to top] Defense Industrial Base Sector Nothing to report [Return to top] Banking and Finance Sector 10. February 15, Associated Press – (National) Citi to pay $158 million in mortgage settlement. Citigroup agreed to pay $158.3 million to settle claims its mortgage unit fraudulently misled the government into insuring risky mortgage loans for more than 6 years. The government said February 15 CitiMortgage certified 30,000 mortgages for insurance provided by the Federal Housing Administration and submitted many certifications that were “knowingly or recklessly false.” More than a third of those loans went into default, resulting in millions of dollars in losses for the government due to the insurance claims. As part of the civil fraud settlement, Citi accepted responsibility for failing to comply with government rules and submitting certifications that were fraudulent. The payments are in addition to the $2.2 billion Citigroup has to pay in connection with the $26 billion mortgage loan settlement announced the week of February 6 by the Justice Department and the nation’s top mortgage lenders. Since 2004, more than 30 percent of loans originated or underwritten by CitiMortgage went into default. CitiMortgage submitted certifications to the government that stated certain loans were eligible for federal mortgage insurance when they were not, according to the government. Source: http://www.nytimes.com/2012/02/16/business/citigroup-to-pay-158-million-inmortgage-fraud-settlement.html 11. February 15, Orange County Register – (California) Man sought as ‘Snowboarder Bandit’ robs Anaheim bank. A man who robbed an Anaheim, California bank branch the week of February 13 is believed to be the “Snowboarder Bandit,” suspected of carrying out at least seven Orange County holdups, police announced February 15. Authorities have released surveillance photos of the man who walked into the Schools First Federal Credit Union branch about 2:50 p.m. February 13, handed a teller a note demanding cash, and left with an undisclosed amount of money. Officials believe the robber is the “Snowboarder Bandit,” who previously struck at bank branches in Irvine, -5- Laguna Hills, Anaheim Hills, Ladera Ranch, and Corona del Mar. The bandit earned his name due to his “youthful appearance and the ski-type clothes” he has worn during the robberies, authorities said. Source: http://www.ocregister.com/news/bandit-340544-anaheim-snowboarder.html [Return to top] Transportation Sector 12. February 15, WHNS 21 Greenville – (South Carolina) Charges filed in school bus crash that injured 9. The driver of a truck that collided with a school bus near Simpsonville, South Carolina February 15 has been charged in connection with the crash. Troopers said a pickup truck, driven by the woman charged, was traveling west on the road it crossed the center line and crashed head-on into a Greenville County school bus that was eastbound. Troopers said 51 students were on the bus when the crash happened. They said seven students were taken to area hospitals and treated for minor injuries. The pickup driver was charged with driving under the influence. Source: http://www.foxcarolina.com/story/16939744/hp-simpsonville-crash-seriousschool-bus-involved For more stories, see items 4, 8, 13, and 31 [Return to top] Postal and Shipping Sector 13. February 16, Associated Press – (Georgia; Tennessee) Crash of semitrailer, cleanup of chemical spill block southbound lanes of Georgia interstate. Authorities said a FedEx semitrailer hauling chemicals containing formaldehyde overturned on an interstate in Dalton, Georgia, near the Georgia-Tennessee line, forcing the highway to close for a time as crews cleaned up the chemical mess. An official with the Georgia State Patrol said the truck, which was hauling two trailers, hit a guardrail and overturned February 16. The wreck happened on Interstate 75 about 30 miles south of Chattanooga, Tennessee. The official said hundreds of small bottles of sterilization fluid, each containing a small amount of formaldehyde, spilled from the truck. Source: http://www.startribune.com/nation/139434168.html [Return to top] Agriculture and Food Sector 14. February 16, Food Safety News – (California) Recall of chicken feet, tripe, pork uteri. JAA Meat Products Corporation of Maywood, California, is recalling an undetermined amount of meat and poultry that may not have been federally inspected, the U.S. Department of Agriculture’s Food Safety and Inspection Service (FSIS) announced February 15. The problem was discovered during an investigation by FSIS. It said the pork uteri, chicken feet, and duck feet may have been produced using sodium -6- percarbonate, a food additive not approved for use in these specific products. The products were sold in California. Source: http://www.foodsafetynews.com/2012/02/recall-of-meat-poultry-not-federallyinspected/ 15. February 15, Food Safety News – (National) Outbreak linked to raw sprouts sickens 12. Twelve people in five states were infected with E. coli O26 in an outbreak linked to raw clover sprouts served at Jimmy John’s sandwich restaurants, the Centers for Disease Control and Prevention (CDC) said. Iowa reported five cases, Missouri three, Kansas two, while Arkansas and Wisconsin each reported one person infected with the outbreak strain, the CDC said in a report February 15. It said the onset of illnesses ranged from December 25, 2011 to January 15. Raw sprouts served on sandwiches at Jimmy John’s restaurants were associated with multiple food-borne illness outbreaks in recent years. In 2008, at least 19 E. coli O157:H7 cases were linked to alfalfa sprouts sold at Colorado Jimmy John’s restaurants. In 2009, 228 people became ill in Nebraska, Iowa, South Dakota, and Kansas after eating Salmonella-contaminated sprouts at several restaurants, including Jimmy John’s outlets. In late 2010, a 16-state Salmonella outbreak that struck 94 people was linked, in part, to alfalfa and spicy sprouts served at Jimmy John’s restaurants, while a separate outbreak of Salmonella a month later, which sickened 7 people in Oregon and Washington, was also tied to Jimmy John’s sandwiches. Following those outbreaks, the company announced it was switching from alfalfa sprouts to clover sprouts nationwide. The ill people ate at nine different Jimmy John’s locations in four states, the CDC reported. Source: http://www.foodsafetynews.com/2012/02/twelve-people-in-fives-states/ 16. February 15, Dallas Morning News – (Texas) Fryer sparks blaze at Frito-Lay plant in Arlington. Firefighters extinguished a two-alarm fire February 15 at the Frito-Lay plant in Arlington, Texas. The fire quickly spread into the ventilation system of the chip-making factory. Frito-Lay employees were evacuated after briefly trying to put out the fire with a fire extinguisher, the battalion chief said. The fire was blamed on a commercial fryer that malfunctioned in the 65,000-square-foot building. The plant is to remain closed until food safety inspectors can ensure there will not be any contamination from the fire. Source: http://thescoopblog.dallasnews.com/archives/2012/02/fryer-sparks-blaze-atfrito-la.html 17. February 15, Associated Press – (Michigan) Southwest Mich. barn fire kills about 20 cattle. Authorities in southwestern Michigan said a fire broke out in a 10,000square-foot barn housing about 60 dairy cattle, killing about 20 of them and taking dozens of firefighters hours to extinguish. A Buchanan Township fire captain said the fire was reported February 15 at the farm. He said the fire appears to be accidental. State police classified the cause as undetermined because of the heavy damage to the 100-foot-by-100-foot barn. About 50 firefighters from 10 agencies brought about 20 pieces of equipment to fight the fire. Source: http://www.lansingstatejournal.com/usatoday/article/38584261?odyssey=mod|newswel l|text|Local News|s -7- [Return to top] Water Sector 18. February 16, Jamestown Sun – (North Dakota) Riverbank stabilization project expected to start soon in park. A riverbank stabilization project in Jamestown, North Dakota is only a few weeks from getting underway, according to the Jamestown Parks and Recreation director. A $262,700 project bid approved by the Jamestown Public Works Committee will add fill material to the battered east riverbank of McElroy Park to prevent future erosion. The riverbank has lost 60 feet of ground to erosion since spring 2009. One of the city’s water wells is located in the park near the area subject to erosion. A city councilman on the public works committee wants to ensure the wellhead is maintained. “We have six wells in the city, and we certainly can’t afford to lose one of them as this city continues to add more people and businesses to the area,” he said. The city engineer said the project is designed with wellhead protection in mind. Source: http://www.jamestownsun.com/event/article/id/154720/group/News/ 19. February 15, Gloucester County Times – (New Jersey) Cinnaminson sewerage employees accused of using taxpayer money for personal use. Five Cinnaminson, New Jersey Sewerage Authority (CSA) employees and two others are charged in connection with a scheme to use CSA money and equipment to benefit a private business and to buy items ranging from contracting tools to entertainment centers. The CSA superintendent is accused of having CSA employees perform work during sewerage authority hours for a private company, J & B Environmental Services, he partly operated with three other authority employees. He allegedly used authority money to order equipment for J & B use. In one instance, a worker used more than $1,800 worth of CSA chemicals on a J & B project, authorities said. All of the accused were charged with theft, along with differing combinations of other offenses. Source: http://www.nj.com/gloucestercounty/index.ssf/2012/02/cinnaminson_sewerage_employees.html 20. February 15, Contra Costa Times – (California) Ocean swimming ban lifted after Compton sewage spill. Following two clean samples of water, Compton, California health officials lifted a swimming ban on offshore waters February 15. The ban went into effect February 12 after a 12,000-gallon sewage spill in Compton from a blocked sewer line flowed into the Los Angeles River and along the city’s shoreline. That is about 3.5 miles, from the river to the peninsula, according to the Long Beach Health Department environmental health specialist. Testing by the Long Beach Health and Human Services Department indicates bacteria levels in the water are safe for swimming. Source: http://www.contracostatimes.com/california/ci_19975066 21. February 14, New Orleans Times-Picayune – (Louisiana) State signs off on Kenner fixes to sewage lift stations. Louisiana has signed off on plans to fix three Kenner sewage lift stations with electrical components that are too low, with the fix for a fourth station in the design phase, city officials said February 14. Contractors put an electrical control box for the sewer system only 8 inches off the ground, making it susceptible to -8- flooding. Two stations, at 42nd Street and Illinois Avenue and on Chateau Magdelaine Drive, had easy fixes, the mayor said. In those cases, “feet” were installed to elevate the boxes. At 33rd and Connecticut Avenue, the entire electrical panel will be raised, the chief administrative officer said. Electrical components at a fourth lift station, at West Stanford Place and West Loyola Drive, also were built too low. The design engineer is still designing the changes to that electrical panel. Source: http://www.nola.com/politics/index.ssf/2012/02/state_signs_off_on_kenner_fixe.html For more stories, see items 39 and 41 [Return to top] Public Health and Healthcare Sector 22. February 16, KTLA 5 Los Angeles – (California) Records of 21K O.C. hospital patients were available online. Up to 21,300 hospital patients at two Orange County, California hospitals may have had their medical records compromised for an entire year after incorrect security settings were employed on hospital computers, KTLA 5 reported February 16. The hospitals involved are St. Jude Medical Center in Fullerton and Mission Hospital in Laguna Beach. The confidential records were accessible on public search engines. Accessible information included names, lab results, medications, allergies, body mass index, and demographic information. An additional 9,000 patients in northern California were also affected. An attorney for one patient notified the hospitals sometime during the week of February 6. The hospitals said there are no reports of anyone actually accessing the confidential records. Source: http://www.ktla.com/news/landing/ktla-oc-hospitals-recordscompromised,0,6157505.story [Return to top] Government Facilities Sector 23. February 16, Charlotte Observer – (North Carolina) UNC Charlotte investigates potential online security breach. The University of North Carolina at Charlotte (UNCC) is investigating how private information might have leaked onto the Internet in an apparent online security breach, the Charlotte Observer reported February 16. Officials said the problem may have been the result of human error. They said they are working with a computer forensics firm to determine whether any personally identifiable information or health data was accessed by unauthorized people. The university became aware of the potential problem January 31, according to a message posted on the UNCC Information and Technology Services Web site. Students were alerted to the issue February 15. Officials said they first worked to ensure there was no unauthorized information available on the Internet and then reached out to a forensics firm for help. The investigation could take several weeks, officials said. Source: http://www.charlotteobserver.com/2012/02/16/3016352/uncc-investigatespotential-online.html -9- 24. February 16, Associated Press – (Ohio) Ohio high school closed 2 more days due to odor. A central Ohio high school announced school would be closed, February 16 and February 17, meaning students will have missed a week of classes due to an odor that made several feel ill. Officials said they still do not know what caused the smell at Westland High School in Galloway that began February 13, as tests have not shown the presence of a chemical, environmental, or system-related hazard. A South-Western City schools spokeswoman said February 15 the district does not want to rush the investigation and so school would remain closed until at least until February 21. The district has hired experts in air quality and building mechanical systems to investigate. Source: http://www.sheboyganpress.com/usatoday/article/38586193?odyssey=mod|newswell|te xt|FRONTPAGE|s For more stories, see items 31 and 32 [Return to top] Emergency Services Sector 25. February 16, Virginian-Pilot – (Virginia) Diving equipment failed in Virginia LODD. Two pieces of a police officer’s diving equipment failed during a December 2011 dive-team training exercise, leading to the drowning death of an officer in a Greenbrier lake in Chesapeake, Virginia, according to findings released February 15 by the Chesapeake Police Department. His death was ruled an accident due to drowning. The day he died, a piece fell off the officers’ buoyancy compensator, an inflatable vest that helps a diver ascend or descend, causing it to malfunction. A button on the power inflator that deflates the vest fell off, but he went underwater for the first part of training with no problems, and he could manually inflate or deflate the vest. Later, when the officer went back down to continue training, the power inflator stopped working and the vest would not hold air anymore. The second issue contributing to his death was when he tried to release weights from the vest by pulling on a ripcord. It did not work, the police chief said. Although some equipment was sent off-site to be tested, problems with the weight-release system divers use to make it easier to get under water were quickly apparent. The police chief said weight releases of the other 12 divers were tested and they all failed. An investigation by the state’s department of labor and industry is ongoing. Source: http://www.officer.com/news/10630195/diving-equipment-failed-in-virginialodd 26. February 16, Associated Press – (Wyoming) Wyoming copter crash kills rescuer and snowmobiler. Federal authorities February 16 were investigating the crash of a search-and-rescue helicopter in northwest Wyoming that killed a volunteer crew member trying to help an injured snowmobiler who also died. The Federal Aviation Administration (FAA) and National Transportation Safety Board were looking into the February 15 crash of the Bell 407 helicopter in Wyoming’s Teton County, an FAA spokesman said. The helicopter went down in the mountains about 50 miles northeast of Jackson. The pilot and another rescuer were injured. - 10 - Source: http://www.centredaily.com/2012/02/16/3092602/wyoming-copter-crash-killsrescuer.html#wgt=rcntnews 27. February 15, MSNBC; NBC News – (Illinois) Chicago cops who took bag of cash caught in FBI sting. Two Chicago police officers, allegedly thinking they were stealing more than $5,000 in cash from a drug courier, were arrested after it turned out they were being tracked in an undercover sting, MSNBC reported February 15. The officers were arrested February 12 on federal charges alleging they stole $5,200 in government undercover funds November 21, 2011 from a homeless man who claimed to be a drug courier but was working as an FBI informant. According to the complaint, the officers, who have worked for the Chicago Police Department for 18 and 14 years, respectively, had told the informant to alert them whenever a drug money transport was in progress. Three days before the November 21, 2011 incident, the informant told one officer where he could come pick it up, CBS2 Chicago reported. The officer allegedly then arranged for the second officer to intercept the money, reported CBS2. When he came to pick up the bag, it contained the cash and a court-authorized tracking device, according to the criminal complaint. Video surveillance then purportedly showed the informant asking the first officer for a cut, and him allegedly handing over $400. The officers were released on $10,000 bond each after appearing in federal court February 13, and are scheduled for a status hearing February 21. Source: http://usnews.msnbc.msn.com/_news/2012/02/15/10415141-chicago-copswho-took-bag-of-cash-caught-in-fbi-sting For another story, see item 32 [Return to top] Information Technology Sector 28. February 16, H Security – (International) Flash Player update plugs exploited hole. Adobe released updates for Flash Player closing seven holes in the application. Six of the holes can be exploited to allow an attacker to infect a PC using crafted Web pages. The seventh is a cross site scripting hole that Adobe says is already being exploited in “active targeted attacks.” The attacks, which are only aimed at Internet Explorer on Windows, try to trick the user into clicking on a malicious link. Adobe said the hole “could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website.” Flash Player version 11.1.102.55 and earlier on Windows, Macintosh, Linux, and Solaris, version 11.1.112.61 and earlier for Android 4.x, and version 11.1.111.5 and earlier for Android 3.x and 2.x, are all affected. Desktop Flash users should update to 11.1.102.55 by downloading it from Adobe’s site. Android 4.x users should update to 11.1.115.6 and Android 3.x and 2.x users should update to version 11.1.111.6 by browsing to the Android Market Place for an update. Google’s Chrome browser, which embeds the Flash Player, was updated to version 17.0.963.56 on Windows, Mac, Linux, and Chrome Frame. The Chrome update also addresses 13 high, medium, and low severity security issues. Source: http://www.h-online.com/security/news/item/Flash-Player-update-plugsexploited-hole-1435494.html - 11 - 29. February 15, Reuters – (International) Apple tweaks apps policy under lawmaker pressure. Under pressure from U.S. legislators, Apple Inc. moved February 15 to quell a swelling privacy controversy by saying it will begin to require iPhone and iPad applications to seek “explicit approval” in separate user prompts before accessing users’ address book data. Apple’s move came shortly after two members of the U.S. House Energy and Commerce committee requested the company to provide more information about its privacy policies. Recently, bloggers published findings that some of the most popular software applications in Apple’s App Store were able to lift private address book data without user consent. In a letter addressed to Apple’s chief executive, Democrats from California and North Carolina asked Apple February 15 to clarify its developer guidelines and the measures taken by the company to screen apps sold on its App Store. The letter came after Path, a startup that makes a social networking app, attracted widespread criticism the week of February 6 after a Singaporean developer found its iPhone app was uploading his contacts’ names and phone numbers onto Path’s servers. In the following days, other technology bloggers discovered that iPhone like Facebook, Twitter, Foursquare, and Foodspotting similarly uploaded user data — without permission, in some cases. Source: http://www.reuters.com/article/2012/02/15/apple-privacyidUSL2E8DFEYJ20120215 30. February 15, H Security – (International) Java SE updates fix critical security holes. Oracle fixed 14 security holes in the Java Standard Edition (Java SE) with a critical patch update. The vulnerabilities allow attackers to use specially crafted Java WebStart applications or Web services to install malicious code on computers that run flawed versions of Java. Oracle said such flawed versions are particularly likely to exist on Windows computers because Windows users tend to have admin. privileges. The risk is smaller under operating systems such as Linux and Solaris, the company added. The holes, five of which are rated as maximum risk vulnerabilities, affect the JDK (Java Development Kit) and JRE (Java Runtime Environment) 7 Update 2, JDK and JRE 6 Update 30, JDK and JRE 5.0 Update 33, and SDK and JRE 1.4.2:35, and earlier releases of each. Versions older than JavaFX 2.0.2 are also affected. Oracle closed the holes in Java SE 7 Update 3, Java SE 6 Update 31, and JavaFX 2.0.3. The updates are available for Windows, Linux, and Solaris. Under Windows, the updates will be installed automatically via auto-update. Otherwise, the patches can be downloaded from the Java download page and installed manually. Source: http://www.h-online.com/security/news/item/Java-SE-updates-fix-criticalsecurity-holes-1435043.html For more stories, see items 22, 23, 32, and 34 Internet Alert Dashboard To report cyber infrastructure incidents or to request information, please contact US-CERT at sos@us-cert.gov or visit their Web site: http://www.us-cert.gov Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and Analysis Center) Web site: https://www.it-isac.org - 12 - [Return to top] Communications Sector 31. February 16, Agence France-Presse – (National) US regulators pull plug on LightSquared. U.S. telecom regulators pulled the plug on a plan to build a high-speed wireless broadband network, citing potential interference with GPS navigation devices. The Federal Communications Commission (FCC) said February 14 it was revoking permission for LightSquared to build a 4G-LTE network the company said would cover more than 90 percent of the United States by 2015. Explaining the decision, the FCC cited research done by the National Telecommunications and Information Administration (NTIA), the agency that coordinates spectrum use by the U.S. military and federal government. Source: http://www.google.com/hostednews/afp/article/ALeqM5ifoIo33OOW8IiWA0V5Q1D WggQq0Q?docId=CNG.d2dffb7bb5556b9a072d2459a2931d3f.331 32. February 16, North Country Now – (New York) Slic internet service interrupted for about 3 hours in Potsdam, Canton and other areas. Internet service for many Slic Network subscribers was interupted for several hours February 15 and February 16 throughout parts of St. Lawrence County, New York. St. Lawrence County offices, the Potsdam Village Police, and Clarkson University were among a number of businesses and organizations reporting an inability to access the Internet. Shortly before 5 p.m., February 15, a representative of Nicholville-based Slic Network Solutions confirmed they were having problems and indicated the problem involved a circuit outside their network. Time-Warner subscribers in Potsdam and Massena reported they did not have outages. Source: http://northcountrynow.com/news/internet-service-down-potsdam-canton050102 33. February 15, Radio World – (Wisconsin) Copper theft silences WZRK (AM). Copper theft at an AM station in southeast Wisconsin has become so bad the facility has asked the Federal Communications Commission (FCC) for permission to go off the air while it installs a system to prevent future thefts. GS Radio, the owner of WZRK 1550 AM Lake Geneva, said that twice now, “thieves have stolen the copper ground radials surrounding the WZRK tower, outside the fenced area surrounding the transmitter shed, and the AM tower itself.” GS told the FCC the copper radials must be replaced again. It asked the commission for permission to stay off the air “for a few months” to accomplish that, as well as devise a security system. Source: http://www.rwonline.com/article/copper-theft-silences-wzrkam-/211859 34. February 14, ZDNet – (International) Nortel hacking attack went unnoticed for almost 10 years. According to a Wall Street Journal report, hackers who appeared to be working in China broke into Nortel’s computer networks more than a decade ago and over the years downloaded technical papers, research-and-development reports, business plans, employee, e-mails, and other documents, ZDNet reported February 14. The report said the hackers used seven passwords stolen from top Nortel executives, - 13 - including the company’s chief executive officer (CEO), and maintained a persistent presence by hiding spying software “so deeply within some employees’ computers that it took investigators years to realize the pervasiveness of the problem.” The initial breach occurred as far back as 2000 but Nortel did not discover the threat until 2004, when an employee noticed that a senior executive appeared to be downloading an unusual set of documents, according to the internal report. Source: http://www.zdnet.com/blog/security/nortel-hacking-attack-went-unnoticed-foralmost-10-years/10304 For another story, see item 29 [Return to top] Commercial Facilities Sector 35. February 16, Associated Press – (Connecticut) Condo complex fire in Bridgeport injures 5, displaces 35. A fire that ripped through a Bridgeport, Connecticut apartment building February 16 forced some people to jump from windows, but officials said everyone got out safely. Authorities said five people were taken to a hospital, including two people who jumped from their windows and an elderly man found in his apartment by firefighters, but their injuries were not life-threatening. Thirty-five people were displaced from their homes and the American Red Cross is offering help with temporary housing and other needs. The cause of the fire is under investigation. Source: http://nhregister.com/articles/2012/02/16/news/doc4f3ceb3985990289161620.txt 36. February 15, KREM 2 Spokane – (Washington) Firefighter, resident injured in Spokane apartment fire. Flames burned through an apartment complex in Spokane, Washington, February 14, leaving dozens of people displaced. Spokane fire officials said all 18 units were occupied with roughly 40 to 50 people living in the building. Flames were declared under control after 2 hours. One resident suffered minor burns and smoke inhalation. One firefighter also suffered minor injuries. Crews contained the fire to just two apartments, but there was heavy smoke damage to other units. Firefighters had to shut off power to the building, which means renters will need to find a new place to stay for the time being. Damage was mostly contained to two units on the top floor, including the structure of the building and the roof. Source: http://www.nwcn.com/home/?fId=139355098&fPath=/news/local&fDomain=10222 For more stories, see items 20 and 32 [Return to top] National Monuments and Icons Sector 37. February 16, Associated Press – (North Carolina) Abandoned campfire blamed for blaze in Uwharrie National Forest outside Asheboro. U.S. Forest Service officials - 14 - said an abandoned campfire is the likely cause of a blaze that burned 73 acres in the Uwharrie National Forest outside Asheboro, North Carolina. No arrests have been made. The fire started the weekend of February 11 about 5 miles from Asheboro and has been contained. The Forest Service continues clean-up operations, including erosion control measures. Eighty percent of the fire was in the Birkhead Mountains Wilderness area of the national forest. Twenty percent was on private land. The Birkhead Wilderness area remains closed to visitors. Source: http://www.therepublic.com/view/story/c8f491ca1fad4af388ae16766043a4a7/NC-Uwharrie-Wildfire/ [Return to top] Dams Sector 38. February 16, Nashville Tennessean – (Tennessee) Nashville 2010 flood detailed in report. The U.S. Army Corps of Engineers February 15 released a detailed technical report they say will be the definitive record of the May 2010 flood and will provide the foundation for future improvements. The 188-page report is filled with every detail about the flood — record rainfall amounts across the Nashville, Tennessee area, record stream and river elevations, accounting of the some $2.4 billion in damage, and 26 deaths from those events. The information will provide local, state, and federal emergency planners a new guide to preparing for future floods and natural disasters, some of which is already under way. Among the recommended and ongoing improvements are better mapping of flood plains so residents have a better idea of flood risks, faster and more accurate measurement and warning tools for when flooding is possible, and adding locations where weather and emergency officials can monitor rivers and streams. The report is available at: http://www.lrn.usace.army.mil/flood.htm. Source: http://www.tennessean.com/article/20120216/NEWS01/302160047/Nashville2010-flood-detailed-in-report 39. February 16, United Press International – (Illinois) No injuries in Illinois ‘Deep Tunnel’ fire. An equipment fire in the Chicago area’s Deep Tunnel February 15 forced the evacuation of eight workers, officials said. No one was injured in the blaze, the Southtown Star and WLS-TV, Chicago reported. The Metropolitan Water Reclamation District said the incident — about 220 feet below the surface, near the Thornton Quarry — began when a compressor on a generator caught fire, the Chicago Tribune said. The South Holland Fire Department put out the flames. The workers, who were lining a section of the water drainage tunnel with concrete, were hoisted out with a crane. The Deep Tunnel is part of a system to reduce flooding throughout the region. The system is being connected to the Thornton Quarry, which will serve as a reservoir. Source: http://www.fireengineering.com/news/2012/02/16/no-injuries-in-illinois-deeptunnel-fire.html 40. February 15, Associated Press – (Nebraska) Corps awards $4.7M for levee repairs in Nebraska. The U.S Army Corps of Engineers has awarded a $4.7 million contract for levee repair work on the Missouri River south of Nebraska City, Nebraska. The - 15 - Corps said the work will repair damage done during last summer’s flooding on the levee, and includes repairing scour holes, constructing seepage berms and seeding. Work on the critical aspects is expected to be completed by March 1. The Corps said the project is aimed at reducing the flood risk for about 6 square miles, including the Omaha Public Power District’s coal-fired power plant in Nebraska City. Source: http://www.chicagotribune.com/news/chi-ap-ne-leveerepair,0,1497072.story 41. February 14, Boulder Daily Camera – (Colorado) Police: Boulder Reservoir gatecrashers caused $7,000 in damage. Boulder, Colorado police arrested one man on suspicion of criminal mischief and trespassing and ticketed another after a pick-up truck drove through a locked gate at the Boulder Reservoir, the Boulder Daily Camera reported February 14. Boulder police were called to the reservoir February 11 after a manager there saw damage to the gate, including a significant dent in the gate and a post pulled out of the ground. The cost of the damage was estimated at $7,000, according to a police report. Officers found a truck that had front-end damage consistent with the damage at the reservoir gate. The owner of the truck told police he took a friend to the reservoir for a “polar plunge.” He told officers he did not realize the road would be blocked by the gate and saw the gate too late to stop safely. In a voluntary statement signed by the suspect, he said it was an accident and he would pay for any damages. Source: http://www.dailycamera.com/boulder-county-news/ci_19962344 [Return to top] - 16 - Department of Homeland Security (DHS) DHS Daily Open Source Infrastructure Report Contact Information About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/iaipdailyreport Contact Information Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2267 Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes. Removal from Distribution List: Send mail to support@govdelivery.com. Contact DHS To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201. To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov. Department of Homeland Security Disclaimer The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material. - 17 -